Do you care about security? Sun doesn't.

So, it's coming up to 1st November, when I'll be publishing a security advisory regarding various programs running on Solaris, and I still haven't heard anything substantial from the Sun security team, who I notified of the general problem long ago.

They told me, back in April:

We are currently investigating all of our code. We have not found anything as of yet. If you have found vulnerable product delivered by Sun Microsystems,we would appreciate if you would share your finding with us.

It occurred to me that since I first contacted them, much of the Solaris source code has become open source, so I could check that for vulnerabilities too. So I just ran a search over that - and found vulnerabilities in just a few minutes.